RE: RSS Feed issuse

[George, Kenneth V [NTK]]

Hmmm...ok



So, here is my situation (I don't think RSS feed is not the way to go)



The Wiki needs to be protected because we deal with some sensitive information. 
 Some pages are even further protected to allow view/edit only for specific 
individuals.  What is the best way to communicate to only those individuals who 
have access to specific pages that changes have been made?



To further complicate matters, the permissions are similar to this:



Main Page - Must Be Authenticated

   |

   |

   +---> Sub-Page - Specific Group Access

                 |

                 |

                 +---> Sub-sub page - Specific individual Access



Now, I have each of the authenticated people’s email address.  Is there a 
plug-in for this or do I need to create one that will deliver page changes 
based on rights via email?



-----Original Message-----
From: lgilardon...@gmail.com [mailto:lgilardon...@gmail.com]
Sent: Wednesday, March 16, 2011 8:15 AM
To: jspwiki-user@incubator.apache.org; George, Kenneth V [NTK]
Subject: Re: RSS Feed issuse



  Not exactly.

Being forced by web.xml policy you cannot visit the site anonymously but you 
are instead forced to log in (as I assume you wish - otherwise where is the 
problem) at the webapp (or container) level.

But the rss builder check internal jsp policies and see all pages accessibles, 
hence build the rss feed from all the pages.

Obviously you may wish also to protect at the application/container level also 
the rss feed itself, other than normal *.jsp urls



On 3/15/2011 6:08 PM, George, Kenneth V [NTK] wrote:

> So basically, if you are an anonymous user, you could still go through and 
> view all content of the wiki, regardless of authentication - correct?

>

> -----Original Message-----

> From: lgilardon...@gmail.com [mailto:lgilardon...@gmail.com]

> Sent: Tuesday, March 15, 2011 3:17 AM

> To: jspwiki-user@incubator.apache.org

> Subject: Re: RSS Feed issuse

>

>    This issue was already discussed a bit (see 
> http://www.mail-archive.com/jspwiki-user@incubator.apache.org/msg01752.html).

>

> However, i have a setup where the whole system is under access control, but 
> with all authenticated users allowed to see anything, and in this case I was 
> able to manage my (and likely your need):

>

> I setup forced authentication through web.xml and then defined the policy as 
> following:

>

> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {

> permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",

> "view"; };

>

> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" { };

>

> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {

>       permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", 
> "modify,rename";

>       permission com.ecyrd.jspwiki.auth.permissions.GroupPermission

> "*:*", "view";

>       permission com.ecyrd.jspwiki.auth.permissions.GroupPermission

> "*:<groupmember>", "edit";

>       permission com.ecyrd.jspwiki.auth.permissions.WikiPermission

> "*", "createPages,createGroups"; };

>

> Net effect is that tomcat manage and force authentication, but rss reader 
> assume everything is accessible ...

>

> Luca

>

> On 3/15/2011 8:42 AM, Florian Holeczek wrote:

>> Hi Kenneth,

>>

>> AFAIK this is not possible. Since the feed is public, it would leak 
>> protected information otherwise. As long as the public is authorized to view 
>> a page, this one should show up in the feed, too.

>>

>> Best regards

>>    Florian

>>

>>

>> ----- Ursprüngliche Mail -----

>> Von: "Kenneth V George [NTK]"<kenneth.v.geo...@sprint.com>

>> An: jspwiki-user@incubator.apache.org

>> Gesendet: Montag, 14. März 2011 23:23:23

>> Betreff: RSS Feed issuse

>>

>> I have installed JSPWIKI 2.8.4 and setup RSS feeds.  The file was generated, 
>> BUT, I am only getting updates on 2 pages (Main and About).  Neither of 
>> these is protected.  However, I have made several changes to pages that ARE 
>> protected and these don't show up.  How do I get these to show up since 
>> several people have VIEW/EDIT access to the pages and want to know when 
>> things change?

>>

>> Thanks.

>>

>> ________________________________

>>

>> This e-mail may contain Sprint Nextel proprietary information intended for 
>> the sole use of the recipient(s). Any use by others is prohibited. If you 
>> are not the intended recipient, please contact the sender and delete all 
>> copies of the message.

>

>

> ________________________________

>

> This e-mail may contain Sprint Nextel proprietary information intended for 
> the sole use of the recipient(s). Any use by others is prohibited. If you are 
> not the intended recipient, please contact the sender and delete all copies 
> of the message.





________________________________

This e-mail may contain Sprint Nextel proprietary information intended for the 
sole use of the recipient(s). Any use by others is prohibited. If you are not 
the intended recipient, please contact the sender and delete all copies of the 
message.